CIA Responds to WikiLeaks Hacking Tool Dump

The U.S. Central Intelligence Agency (CIA) has issued a statement in response to the claims made by WikiLeaks in regards to the agency’s hacking tools, and denied conducting electronic surveillance on Americans.

The CIA and the FBI have launched an investigation into the Vault 7 dump and unnamed U.S. officials told Reuters that the most likely source of the breach is a CIA contractor.

In its initial press release, WikiLeaks said the files, originating from the CIA’s Center for Cyber Intelligence (CCI) in Langley, Virginia, had been circulating among former government hackers and contractors. One of them allegedly provided the data to the whistleblower organization.

The CIA has refused to comment on the authenticity of the leaked documents or the status of its investigation into this incident. However, the agency pointed out that its mission is to “aggressively collect” foreign intelligence from overseas entities in an effort to protect America from adversaries such as terrorists and hostile nation states.

“It is CIA’s job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad,” the CIA said in its statement.

The nature of the tools suggests that they are designed for targeted operations – rather than mass surveillance – and the CIA pointed out that it’s legally prohibited from spying on individuals in the United States. The agency said its activities “are subject to rigorous oversight to ensure that they comply fully with U.S. law and the Constitution.”

The organization has expressed concern about the impact of the Vault 7 dump on its operations.

“The American public should be deeply troubled by any Wikileaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists and other adversaries. Such disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm,” the agency said.

WikiLeaks has claimed that the U.S. consulate in Frankfurt is used by the CIA as a covert base for hackers targeting Europe, the Middle East and Africa. Germany’s foreign ministry issued a statement saying that it takes such information very seriously and that it’s in touch with the U.S. on this matter.

According to Reuters, China also expressed concern after the WikiLeaks documents showed that the CIA may have targeted the devices of several Chinese companies, including Huawei and ZTE. The country once again claimed it opposes all forms of hacking and urged the U.S. to “stop listening in, monitoring, stealing secrets and internet hacking against China and other countries.”

London-based Privacy International has also issued a statement, saying that if the leaks are authentic, “they demonstrate what we’ve long been warning about government hacking powers — that they can be extremely intrusive, have enormous security implications, and are not sufficiently regulated.”

Technology companies whose products are listed in the Vault 7 leaks have launched investigations to assess the impact of the alleged CIA tools. Following an initial analysis of the available information – WikiLeaks has yet to make public any actual exploits – security firms and tech giants such as Apple and Google have determined that a majority of the vulnerabilities do not affect the latest versions of their products.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.